When building an insider risk management program, don't start "too large or too quickly," says Randy Trzeciak of Carnegie Mellon University. He says the first step is to protect your organization's critical assets and services and then "build a risk program appropriate to those assets."
Canada's Desjardins Group has reached an out-of-court settlement to resolve a data breach class action lawsuit. The breach, which the credit union group first disclosed in 2019, traced to a "malicious" insider who for 26 months had been selling personal details for 4.2 million active customers.
The "Great Resignation" over the past year has created a host of concerns around both malicious and accidental data theft, says Code42 President and CEO Joe Payne. Even though employees often aren't looking to wreak havoc on their way out, a lack of understanding can lead to serious headaches.
A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization. Experts say the case spotlights insider threats that must not be underestimated.
While major hacking incidents regularly grab headlines, insider threats - including malicious individuals, careless workers and third-party contractors - continue to pose significant and sometimes underestimated risk to healthcare sector entities, federal authorities warn.
Each day organisations face new threats that jeopardise their critical networks. Gaining visibility into the security risks your supply chain or third-party vendors pose to your organisation is a growing priority among cybersecurity leaders. Next-generation cybersecurity practices will require organisations to align...
A high-ranking U.S. government official has been convicted of stealing the personal information of thousands of federal workers as well as government software. Murali Y. Venkata, 56, was acting branch chief at the DHS's Information Technology Division in the Office of the Inspector General.
Investment platform Cash App, a subsidiary of U.S.-based payments company Block, says it has been breached. The incident happened last year when a former employee downloaded reports containing Cash App U.S. customer information, including full names, brokerage account numbers and portfolio values.
Access Health, Connecticut's health insurance exchange under the Affordable Care Act, experienced dozens of mostly small data breaches over about a 3 1/2-year period, and the vast majority involved one contractor, says an auditor report that recommends the exchange make improvements to data security.
In this interview with Information Security Media Group, Tony Richards, Office of the CISO, Google Cloud, and Tim Erridge, Vice President of Services, Unit 42 Palo Alto Networks, discuss how security leaders can strengthen their threat intelligence programs to successfully preempt future attacks.
The latest edition of the ISMG Security Report reviews the latest cyber resilience "call to action" from the White House and also explores authentication provider Okta's failure to inform hundreds of customers in a timely manner that their data could have been stolen by the Lapsus$ group.
The pandemic has raised the ante significantly for the attack surface and the level of insider threats facing healthcare sector entities, according to Dave Bailey, vice president of security services, and attorney Andrew Mahler, vice president of privacy and compliance, of consultancy CynergisTek.
Insider risk and data loss prevention (DLP) are a top concern for organisations today. And it makes sense, with a distributed workforce and increasing reliance on technology, legacy, on-prem DLP technology hasn’t lived up to its promises.
That’s because data loss begins with people, whether careless, compromised...
Hacking incidents still dominate the major health data breaches being reported to the U.S. Department of Health and Human Services in the first months of 2022 by far, with only one other type of breach appearing on the federal tally so far this year. Are organizations missing other breaches?